Progress and Privacy: Can We Have Both? – ICD Brief 66.

11.12.2017.-17.12.2017.

Top stories include a summary of the cyber initiatives in the US $700 billion 2018 National Defense Authorization Act (NDAA), signed Tuesday, and the privacy ramifications of the Federal Communications Commission's (FCC) repeal of Net Neutrality.

Also covered: insurance giant AIG’s new cyber risk model, Lithuania’s planned cyber rapid response teams, NATO’s plan to integrate cyber weapons into its military operations, and the Dutch government’s requirement that companies and organizations in “vital infrastructure” report serious incidents.

Beyond the execution, logistics and coordination, each of these new initiatives will face competing requirements to protect personal identity as well as national security through increased information sharing and surveillance.

USA

“President Donald Trump signed the $700 billion National Defense Authorization Act (NDAA) on Tuesday, a law that sets policies and budget guidelines for the U.S. military for fiscal 2018, including its various cybersecurity-focused initiatives.”

“Net neutrality is certainly not dead. But it’s on life support. Already a group of State attorneys general are preparing a lawsuit to stop the decision. Others will file suit as well. This is going to be tied up in the courts for years. So don’t expect the big ISPs – Comcast, AT&T and Verizon – to trip over themselves enacting any major changes right out the gate. That may actually play into their opponents’ hands and make it easier for them to get a stay in court. But rest assured once the dust is settled, change is coming. That’s why we took the time to reach out to some industry experts for their opinions on what these upcoming changes mean for our privacy and for cyber security, in general.”

“Companies would be able to more easily interact with the Department of Homeland Security to battle cybersecurity incidents under a bill that passed the House by voice vote Dec. 11, former agency officials and cybersecurity pros told Bloomberg Law.”

“U.S. Rep. Elise M. Stefanik, R-Willsboro, spoke Thursday to the Times about recent efforts to improve the nation’s cybersecurity strategy. Ms. Stefanik, a member of the House Armed Services Subcommittee on Emerging Threats and Capabilities, discussed a new provision included in the FY 2018 National Defense Authorization Act that keeps members of Congress more up to date on growing cybersecurity threats facing the United States.”

“The US House of Representatives on Monday unanimously passed H.R. 3359, a legislation that would redesignate the Department of Homeland Security’s National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA).”

Baltics/Lithuania

“The European Union on Monday gave the green light for Lithuania’s initiative to create cyber rapid response teams. The proposal is on a list of 17 projects approved by ministers from 25 EU member states in Brussels.”

China

“In 2015, when Lazarus Liu moved home to China after studying logistics in the United Kingdom for three years, he quickly noticed that something had changed: Everyone paid for everything with their phones. At McDonald’s, the convenience store, even at mom-and-pop restaurants, his friends in Shanghai used mobile payments. Cash, Liu could see, had been largely replaced by two smartphone apps: Alipay and WeChat Pay. One day, at a vegetable market, he watched a woman his mother’s age pull out her phone to pay for her groceries. He decided to sign up.”

Japan

“A business group representing Japan’s critical infrastructure sectors has submitted to the prime minister’s office a cybersecurity plan based on “self-help” within the private sector, cooperation among companies and sectors, and, finally, assistance from government where needed.”

NATO

“NATO announced plans last month to boost its cyber defense capabilities amid ongoing threats and hacking attempts from Russia, China, and North Korea. The move will allow NATO to adapt its command structure to integrate cyber weapons into its military operations in what is perhaps the international organization’s biggest policy shift in years, according to former NATO cyber defense adviser and retired US Air Force Col. Rizwan Ali.”

The Netherlands

“The Dutch government has drawn up a list of companies and organisations with vital infrastructure; these will have to report serious cyber incidents to the National Cyber Security Center (NCSC), part of the Ministry of Justice and Security. The list includes suppliers of drinking water, electricity and gas and a number of nuclear facilities. Also on the list are the main ports Rotterdam and Schiphol, as well as the Ministry of Infrastructure and Water Management. The Dutch Bank has named banks and money transfers processors.”

Singapore

“Personal information of 380,000 riders and drivers of ride-sharing app Uber in Singapore – including names, e-mail addresses, and mobile phone numbers – was exposed in the app’s data breach in 2016, making it the largest reported breach here to date.”

UK

“U.K. companies with even strong security are on alert because they could be held responsible for data breaches caused by employees following a recent landmark ruling, privacy and employment attorneys told Bloomberg Law.”

Cyber Risk Insurance

“American International Group, Inc. has launched a new cyber benchmarking model that quantifies and scores client cyber risk. The AIG model evaluates a client’s cyber security maturity against 10 common attack patterns across 11 commonly used technology devices. The model incorporates critical security data, such as current threat intelligence from multiple sources, effectiveness of an organization’s cyber controls, potential impact of a cyber breach on an organization, and insights gained from the thousands of cyber claims handled by AIG.”

Feature

“The looming imposition of a new data protection regulation in the EU is already sending tremors through the legal and IT worlds as organizations wake up to the fact that by May 25, 2018, they have to comply with the most intrusive technology regulation ever.”